I have effectively implemented T-POT within the Microsoft Azure Cloud platform. I will now explore more into the web interface of T-POT.
Click on "OK" for the PuTTY Fatal Error. And close PuTTY.
- To access T-POT web interface, we will use the VM IP address with HTTPS and port 64297.
- Copy your VM IP.
- On your browser URL: Https://[VM IP address]:6429.
- https://172.174.107.103:64297 for me.
- Click on "Advanced".
- Click on "Proceed on 172.174.107.103 (unsafe)".
- Click on "Proceed on 172.174.107.103 (unsafe)".
- Type in your username and password for the PuTTY T-POT installation.
- Click on "Sign in".
- Successfully access T-POT web Interface.
Overview of T-POT Sections
- Attack Map: This section features a dynamic attack map, providing real-time visualization of attacker geolocations and the nature of attacks directed at your honeypot.
- Cockpit: The primary dashboard for your honeypot infrastructure offers a real-time overview of honeypot activity, presenting data on the frequency of attacks, the most prominent attackers, and the most frequently targeted services.
- Cyberchef: An online data analysis and decoding tool, seamlessly integrated with T-POT, facilitating the examination of captured traffic and the identification of patterns.
- Elasticvue: An Elasticsearch client facilitates the visualization of data collected by T-POT, enabling users to search for specific events and view the outcomes in a variety of visual formats.
- Kibana: An integrated tool within the teapot facilitates the visualization of collected data from the honeypot. It empowers users to craft bespoke dashboards and generate reports derived from the gathered data.
- Spiderfoot: A reconnaissance tool that facilitates open-source intelligence gathering, allowing users to acquire pertinent information concerning potential threat actors from publicly accessible sources. It enables the extraction of data related to IP addresses, domains, email addresses, and other relevant details.
Honeypot Web Interface.
I have effectively implemented T-POT within the Microsoft Azure Cloud platform. I will now explore more into the web interface of T-POT.
- To access T-POT web interface, we will use the VM IP address with HTTPS and port 64297. - Copy your VM IP. - On your browser URL: Https://[VM IP address]:6429. - https://172.174.107.103:64297 for me. - Click on "Advanced". - Click on "Proceed on 172.174.107.103 (unsafe)".
- Click on "Proceed on 172.174.107.103 (unsafe)".
- Type in your username and password for the PuTTY T-POT installation. - Click on "Sign in".
- Successfully access T-POT web Interface.
Overview of T-POT Sections
- Attack Map: This section features a dynamic attack map, providing real-time visualization of attacker geolocations and the nature of attacks directed at your honeypot. - Cockpit: The primary dashboard for your honeypot infrastructure offers a real-time overview of honeypot activity, presenting data on the frequency of attacks, the most prominent attackers, and the most frequently targeted services. - Cyberchef: An online data analysis and decoding tool, seamlessly integrated with T-POT, facilitating the examination of captured traffic and the identification of patterns. - Elasticvue: An Elasticsearch client facilitates the visualization of data collected by T-POT, enabling users to search for specific events and view the outcomes in a variety of visual formats. - Kibana: An integrated tool within the teapot facilitates the visualization of collected data from the honeypot. It empowers users to craft bespoke dashboards and generate reports derived from the gathered data. - Spiderfoot: A reconnaissance tool that facilitates open-source intelligence gathering, allowing users to acquire pertinent information concerning potential threat actors from publicly accessible sources. It enables the extraction of data related to IP addresses, domains, email addresses, and other relevant details.